authorRobin Appelman <icewind@owncloud.com>2014-09-04 15:23:55 +0200
committerRobin Appelman <icewind@owncloud.com>2014-11-17 15:50:24 +0100
commit7cb12d4bff80e91cb844b9ed0021c290455279ee (patch)
treea0f26f18966564800af59ab8fd309f99da900a91
parent36528c6ef622876f9d89d3b0fbfafc8e44f569fb (diff)
Add sabredav plugin to check if a user has access to an app
-rw-r--r--lib/private/connector/sabre/appenabledplugin.php75
-rw-r--r--public.php4
-rw-r--r--remote.php4
3 files changed, 81 insertions, 2 deletions
diff --git a/lib/private/connector/sabre/appenabledplugin.php b/lib/private/connector/sabre/appenabledplugin.php
new file mode 100644
index 00000000000..73fed948f9b
--- /dev/null
+++ b/lib/private/connector/sabre/appenabledplugin.php
@@ -0,0 +1,75 @@
+<?php
+
+/**
+ * Copyright (c) 2014 Robin Appelman <icewind@owncloud.com>
+ * This file is licensed under the Affero General Public License version 3 or
+ * later.
+ * See the COPYING-README file.
+ */
+
+namespace OC\Connector\Sabre;
+
+use OCP\App\IManager;
+use Sabre\DAV\Exception\Forbidden;
+use Sabre\DAV\ServerPlugin;
+
+/**
+ * Plugin to check if an app is enabled for the current user
+ */
+class AppEnabledPlugin extends ServerPlugin {
+
+ /**
+ * Reference to main server object
+ *
+ * @var \Sabre\DAV\Server
+ */
+ private $server;
+
+ /**
+ * @var string
+ */
+ private $app;
+
+ /**
+ * @var \OCP\App\IManager
+ */
+ private $appManager;
+
+ /**
+ * @param string $app
+ * @param \OCP\App\IManager $appManager
+ */
+ public function __construct($app, IManager $appManager) {
+ $this->app = $app;
+ $this->appManager = $appManager;
+ }
+
+ /**
+ * This initializes the plugin.
+ *
+ * This function is called by \Sabre\DAV\Server, after
+ * addPlugin is called.
+ *
+ * This method should set up the required event subscriptions.
+ *
+ * @param \Sabre\DAV\Server $server
+ * @return void
+ */
+ public function initialize(\Sabre\DAV\Server $server) {
+
+ $this->server = $server;
+ $this->server->subscribeEvent('beforeMethod', array($this, 'checkAppEnabled'), 30);
+ }
+
+ /**
+ * This method is called before any HTTP after auth and checks if the user has access to the app
+ *
+ * @throws \Sabre\DAV\Exception\Forbidden
+ * @return bool
+ */
+ public function checkAppEnabled() {
+ if (!$this->appManager->isEnabledForUser($this->app)) {
+ throw new Forbidden();
+ }
+ }
+}
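Review bot: `checkAppEnabled()` is documented as `@return bool` but has no return statement, and the "after auth" guarantee in its docblock rests only on the undocumented priority `30` passed to `subscribeEvent` in `initialize()`. Because this handler is an access-control check, I would state the ordering where it is set, e.g. `// priority 30: must run after the auth plugin's beforeMethod handler so the current user is known`, and change the tag to `@return void`. `isEnabledForUser($this->app)` is called without a user argument, so it presumably resolves the session user. It is worth confirming, and covering with a test, that a request with no authenticated user gets `Forbidden` rather than being treated as enabled.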
diff --git a/public.php b/public.php
index 0e04db66da7..c5c227ef460 100644
--- a/public.php
+++ b/public.php
@@ -37,7 +37,9 @@ try {
OC_App::loadApps(array('authentication'));
OC_App::loadApps(array('filesystem', 'logging'));
- OC_Util::checkAppEnabled($app);
+ if (!\OC::$server->getAppManager()->isInstalled($app)) {
+ throw new Exception('App not installed: ' . $app);
+ }
OC_App::loadApp($app);
OC_User::setIncognitoMode(true);
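Review bot: Replacing `OC_Util::checkAppEnabled($app)` with an `isInstalled($app)` test removes the enabled check from this entry point; the same applies to the `default:` branch in the remote.php hunk. From then on, the per-user restriction holds only for handlers that register `AppEnabledPlugin` on their Sabre server. No such registration is visible in this commit, so any endpoint reached through public.php or remote.php that is not updated would, as far as this diff shows, serve users for whom the app is disabled. I would either land the `addPlugin(new AppEnabledPlugin(...))` calls in the same change or add a comment here such as `// per-user access is enforced by AppEnabledPlugin in the app's DAV handler`. The surrounding `try` block starts and ends outside the hunk.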
diff --git a/remote.php b/remote.php
index d854b1d65a6..7993566afec 100644
--- a/remote.php
+++ b/remote.php
@@ -43,7 +43,9 @@ try {
$file = OC::$SERVERROOT .'/'. $file;
break;
default:
- OC_Util::checkAppEnabled($app);
+ if (!\OC::$server->getAppManager()->isInstalled($app)) {
+ throw new Exception('App not installed: ' . $app);
+ }
OC_App::loadApp($app);
$file = OC_App::getAppPath($app) .'/'. $parts[1];
break;
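Review bot: The new `throw new Exception('App not installed: ' . $app);` puts `$app` into the exception message; the same line is added in the public.php hunk. `$app` appears to be derived from the request path, although its origin is outside the hunk. The `catch` block is not visible here, so it should be confirmed that the message is escaped before it is rendered in an error page and that it cannot inject line breaks into the log. A generic `Exception` also makes an unknown app indistinguishable from an internal failure; a dedicated exception type that the handler maps to a 404-style response would keep probing for app names from surfacing as server errors.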